Why Cloudflare is banning CNAME from other users? Why exposing the origin IP? Why not we can’t even manage WAF, PageRules for those who CNAME to our domain/subdomain?
If they don’t use Cloudflare, they can’t benefit from easy SSL, and thats fine. (they can atleast purchase SSL certificate from their registrar) But if they do use Cloudflare, they can use proxy to use SSL. But we can’t manage the pagerules, WAF etc…
And if the user unproxy () our origin IP is exposed. This is not at all recommended. We all love Cloudflare.
Please do consider updating this Solution. Incoming CNAME shouldn’t be banned. Atleast make there a toogle switch with adding sub/domains to use for CNAME for everyone.
Now-a-days people are not only doing blogging. But they are creating sites that help other peoples too. But this kind of restriction here make many developers stop making these kind of apps.
Client and your record is the normal way to do it when configured correctly, normally on an Enterprise plan. This means the service provider (or the target of the CNAME) will manage the settings for the domain.
If you point a record to a record on another account at the moment, it normally does not let you proxy it but forces it to DNS only to avoid this issue.
I would imagine the infrastructure needed to provision potentially thousands of extra SSL certificates is why Cloudflare puts a price tag on it. Even if you don’t plan to have thousands of CNAMEs to your domain, someone will and it would slow down SSL provisioning for first-class customers.
Allowing only Cloudflare clients with is another way. And block all other requests. May to can be used in a way to provision SSL from clients side and managing pagerules, workers, WAF (if possible with toggle) on the providers side.
Enterprise users can extend this capability of this with managed SSL for even For all others this could be a good thing to give. This will also in a way most clients to use Cloudflare.
I want my user who is a cloudflare user also to point to my domain. And i don’t wanna expose my origin ip at all. And let me manage the pagerules for those who point to my domain. By making same pagerule for both url. And giving me priority for the rule.
This feature is an essential for many users who use cloudflare.
Enterprise is something that is not at all possible for people like me. And that feature SSL for SAAS is good for pointing even from non-Cloudflare customers. But managing pagerules of other Cloudflare users can be easily done (orange-to-orange). And provisioning ssl won’t be hard. And ofcourse if user the record block it… or force the record since it points to ours.